From 926d41f0e74cc7578d71cfe12a970c9309bddfbc Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Thu, 11 Feb 2016 11:57:12 -0500 Subject: [PATCH] Updated some comments for BCryptSHA256PasswordHasher. --- django/contrib/auth/hashers.py | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py index 046b196181..5136110fa1 100644 --- a/django/contrib/auth/hashers.py +++ b/django/contrib/auth/hashers.py @@ -290,14 +290,11 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher): def encode(self, password, salt): bcrypt = self._load_library() - # Need to reevaluate the force_bytes call once bcrypt is supported on - # Python 3 - - # Hash the password prior to using bcrypt to prevent password truncation - # See: https://code.djangoproject.com/ticket/20138 + # Hash the password prior to using bcrypt to prevent password + # truncation as described in #20138. if self.digest is not None: - # We use binascii.hexlify here because Python3 decided that a hex encoded - # bytestring is somehow a unicode. + # Use binascii.hexlify() because a hex encoded bytestring is + # Unicode on Python 3. password = binascii.hexlify(self.digest(force_bytes(password)).digest()) else: password = force_bytes(password) @@ -310,11 +307,11 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher): assert algorithm == self.algorithm bcrypt = self._load_library() - # Hash the password prior to using bcrypt to prevent password truncation - # See: https://code.djangoproject.com/ticket/20138 + # Hash the password prior to using bcrypt to prevent password + # truncation as described in #20138. if self.digest is not None: - # We use binascii.hexlify here because Python3 decided that a hex encoded - # bytestring is somehow a unicode. + # Use binascii.hexlify() because a hex encoded bytestring is + # Unicode on Python 3. password = binascii.hexlify(self.digest(force_bytes(password)).digest()) else: password = force_bytes(password)